Beagle virus
Solved/Closed
17 replies
crapoulou
Posts: 28160
Registration date: Wednesday 28 November 2007
Status: Moderator, Security contributor
Last activity: 21 May 2024
7 998
18 Jan 2009 at 21:18
Hi,
To start with, delete the file that infected you, and your other cracks while you're at it...!
That will save you from coming back in a week with the same problem...!
Disable UAC (User Account Control) for the duration of the disinfection.
Start, Control Panel, User Accounts, Turn User Account Control off.
(Do the reverse to turn it back on once the disinfection is finished.)
(This will allow the disinfection tools to work properly.)
**************
Download FindyKill (thanks to Chiquitine29!!)
= = = = >>> By clicking here <<< = = = =
Right-click the link, Save Target As (Internet Explorer) or Save Link As (Firefox) …
Choose to save the file to the desktop.
Right-click FindyKill.exe, Run as administrator.
Choose option 1 (Search)
A report will open; post it in your next reply.
Note:
The FindyKill.txt report is saved at the root of the disk (C:\FindyKill.txt)
crapoulou
18 Jan 2009 at 21:40
Be patient for a bit, how long has it been?
No, it's fine actually.
----------------- FindyKill V4.713 ------------------
* User : Erwan - PC-DE-ERWAN
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 17/01/09 par Chiquitine29
* Recherche effectuée à 21:37:53 le 18/01/2009
* Windows Vista - Internet Explorer 7.0.6000.16764
((((((((((((((((( *** Recherche *** ))))))))))))))))))
--------------- [ Processus actifs ] ----------------
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Power Manager\PM.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\EoRezo\EoEngine.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Users\Erwan\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Users\Erwan\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Windows\system32\SearchFilterHost.exe
--------------- [ Fichiers/Dossiers infectieux ] ----------------
»»»» Presence des fichiers dans C:
Found ! [18/01/2009 00:05] - "C:\Muestras"
Found ! [18/01/2009 18:49] - C:\InfoSat.txt
»»»» Presence des fichiers dans C:\Windows
»»»» Presence des fichiers dans C:\Windows\Prefetch
Found ! - C:\Windows\prefetch\102633.EXE-CA947C58.pf
Found ! - C:\Windows\prefetch\122304.EXE-D966C751.pf
Found ! - C:\Windows\prefetch\127889.EXE-1BDCDDFC.pf
Found ! - C:\Windows\prefetch\140837.EXE-CA460390.pf
Found ! - C:\Windows\prefetch\206046.EXE-B0A4DC37.pf
Found ! - C:\Windows\prefetch\227262.EXE-B5A9573E.pf
Found ! - C:\Windows\prefetch\254032.EXE-85A04885.pf
Found ! - C:\Windows\prefetch\349114.EXE-AE3C0E23.pf
Found ! - C:\Windows\prefetch\377116.EXE-ADD9B902.pf
Found ! - C:\Windows\prefetch\91525.EXE-C86C024B.pf
Found ! - C:\Windows\prefetch\FLEC006.EXE-C22C3B8F.pf
Found ! - C:\Windows\prefetch\MDELK.EXE-288F7189.pf
Found ! - C:\Windows\prefetch\WINTEMS.EXE-85AF748B.pf
Found ! - C:\Windows\Prefetch\PATCH.EXE-D8E71B31.pf
»»»» Presence des fichiers dans C:\Windows\system32
Found ! [17/01/2009 23:55] - C:\Windows\system32\mdelk.exe
Found ! [17/01/2009 23:55] - C:\Windows\system32\wintems.exe
Found ! [18/01/2009 21:32] - C:\Windows\system32\ban_list.txt
»»»» Presence des fichiers dans C:\Windows\system32\drivers
»»»» Presence des fichiers dans C:\Users\Erwan\AppData\Roaming
Found ! [18/01/2009 21:36] - "C:\Users\Erwan\AppData\Roaming\m\flec006.exe"
Found ! [18/01/2009 21:36] - "C:\Users\Erwan\AppData\Roaming\m\list.oct"
Found ! [18/01/2009 21:37] - "C:\Users\Erwan\AppData\Roaming\m\data.oct"
Found ! [18/01/2009 21:37] - "C:\Users\Erwan\AppData\Roaming\m\srvlist.oct"
Found ! [18/01/2009 21:40] - "C:\Users\Erwan\AppData\Roaming\m\shared"
Found ! [18/01/2009 18:54] - "C:\Users\Erwan\AppData\Roaming\m"
Found ! [18/01/2009 19:02] - "C:\Users\Erwan\AppData\Roaming\drivers"
Found ! [18/01/2009 21:32] - "C:\Users\Erwan\AppData\Roaming\drivers\srosa2.sys"
Found ! [18/01/2009 21:32] - "C:\Users\Erwan\AppData\Roaming\drivers\wfsintwq.sys"
Found ! [15/10/2004 01:04] - "C:\Users\Erwan\AppData\Roaming\drivers\winupgro.exe"
Found ! [18/01/2009 21:37] - "C:\Users\Erwan\AppData\Roaming\drivers\downld"
»»»» Presence des fichiers dans C:\Users\Erwan\AppData\Local\Temp
--------------- [ Registre / Startup ] ----------------
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Sidebar=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MsnMsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
TomTomHOME.exe="C:\Program Files\TomTom HOME 2\HOMERunner.exe"
EA Core=C:\Program Files\Electronic Arts\EADM\Core.exe -silent
ehTray.exe=C:\Windows\ehome\ehTray.exe
WMPNSCFG=C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Windows Defender=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
NvSvc=RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
NvCplDaemon=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
RtHDVCpl=RtHDVCpl.exe
Apoint=C:\Program Files\Apoint2K\Apoint.exe
PowerManager=C:\Program Files\Power Manager\PM.exe
NeroFilterCheck=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
recinfo123=c:\RecInfo\RecInfo.exe
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
TomTomHOME.exe="C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
EoEngine="C:\Program Files\EoRezo\EoEngine.exe"
QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=
[HKEY_CURRENT_USER\software\local appwizard-generated applications\GoogleToolbarNotifier]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\msnmsgr]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\patch]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]
--------------- [ Registre / Clés infectieuses ] ----------------
Found ! - HKEY_USERS\S-1-5-21-3659748291-2570457840-1553638760-1000\Software\Local AppWizard-Generated Applications\msnmsgr
Found ! - HKEY_USERS\S-1-5-21-3659748291-2570457840-1553638760-1000\Software\Local AppWizard-Generated Applications\patch
Found ! - HKEY_USERS\S-1-5-21-3659748291-2570457840-1553638760-1000\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-3659748291-2570457840-1553638760-1000\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-3659748291-2570457840-1553638760-1000\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-3659748291-2570457840-1553638760-1000\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-3659748291-2570457840-1553638760-1000\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-3659748291-2570457840-1553638760-1000\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\msnmsgr
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\patch
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sK9Ou0s
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
Found ! - HKEY_CURRENT_USER\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\FFC
/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
/!\ Infection active : HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1
--------------- [ Etat / Services ] ----------------
+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]
/!\ Ndisuio - Type de démarrage = 4
EapHost - Type de démarrage = 3
Wlansvc - Type de démarrage = 2
/!\ SharedAccess - Type de démarrage = 4
/!\ wuauserv - Type de démarrage = 4
/!\ wscsvc - Type de démarrage = 4
/!\ WinDefend - Type de démarrage = 4
/!\ UAC is Disable
--------------- [ Recherche dans supports amovibles] ----------------
+- Informations :
C: - Lecteur fixe
D: - Lecteur fixe
E: - Lecteur de CD-ROM
+- Contenu de l'autorun : E:\autorun.inf
[autorun]
open=autoplay.exe
icon=eu3.ico
+- presence des fichiers :
Found ! [04/12/2006 18:17][-r-------] - E:\autorun.inf
--------------- [ Registre / Mountpoint2 ] ----------------
-> Not found !
------------------- ! Fin du rapport ! --
crapoulou
18 Jan 2009 at 21:44
Cleaning:
--> Right-click the FindyKill shortcut on your desktop, Run as administrator.
--> At the main menu, choose option 2 (Deletion)
/!\ There will be two reboots; let the tool work until the message "nettoyage effectué" (cleaning done) appears /!\
/!\ Do not use the PC during the removal; your desktop will not be accessible, that's normal! /!\
Then post the FindyKill.txt report
Notes:
* The FindyKill.txt report is saved at the root of the disk (C:\FindyKill.txt)
* If the desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New task", type explorer.exe and confirm
Never mind :)
----------------- FindyKill V4.713 ------------------
* User : Erwan - PC-DE-ERWAN
* Executed from : C:\Program Files\FindyKill
* Update on 17/01/09 by Chiquitine29
* Start at 21:50:03 the 18/01/2009
* Windows Vista - Internet Explorer 7.0.6000.16764
((((((((((((((( *** deleting *** ))))))))))))))))))
--------------- [ Active Processes ] ----------------
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\userinit.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\runonce.exe
--------------- [ Infected files / folders ] ----------------
»»»» Supression files in C:
Deleted ! - "C:\Muestras"
Deleted ! - C:\InfoSat.txt
»»»» Supression files in C:\Windows
»»»» Supression files in C:\Windows\Prefetch
Deleted ! - C:\Windows\prefetch\102633.EXE-CA947C58.pf
Deleted ! - C:\Windows\prefetch\122304.EXE-D966C751.pf
Deleted ! - C:\Windows\prefetch\127889.EXE-1BDCDDFC.pf
Deleted ! - C:\Windows\prefetch\140837.EXE-CA460390.pf
Deleted ! - C:\Windows\prefetch\206046.EXE-B0A4DC37.pf
Deleted ! - C:\Windows\prefetch\227262.EXE-B5A9573E.pf
Deleted ! - C:\Windows\prefetch\254032.EXE-85A04885.pf
Deleted ! - C:\Windows\prefetch\349114.EXE-AE3C0E23.pf
Deleted ! - C:\Windows\prefetch\377116.EXE-ADD9B902.pf
Deleted ! - C:\Windows\prefetch\91525.EXE-C86C024B.pf
Deleted ! - C:\Windows\prefetch\FLEC006.EXE-C22C3B8F.pf
Deleted ! - C:\Windows\prefetch\MDELK.EXE-288F7189.pf
Deleted ! - C:\Windows\prefetch\PATCH.EXE-D8E71B31.pf
Deleted ! - C:\Windows\prefetch\WINTEMS.EXE-85AF748B.pf
»»»» Supression files in C:\Windows\system32
Deleted ! - C:\Windows\system32\mdelk.exe
Deleted ! - C:\Windows\system32\wintems.exe
Deleted ! - C:\Windows\system32\ban_list.txt
»»»» Supression files in C:\Windows\system32\drivers
»»»» Supression files in C:\Users\Erwan\AppData\Roaming
Deleted ! - "C:\Users\Erwan\AppData\Roaming\m\flec006.exe"
Deleted ! - "C:\Users\Erwan\AppData\Roaming\m\list.oct"
Deleted ! - "C:\Users\Erwan\AppData\Roaming\m\data.oct"
Deleted ! - "C:\Users\Erwan\AppData\Roaming\m\srvlist.oct"
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\4Leaf MOV Video Converter 2.2.5.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\7 days.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\A1 Website.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Access Flickr! 1.9.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\ADOS 1.1.1.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\AFC Encrypto 1.1.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Aldo's Click-a-Lot! 1.3.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Allok Audio Converter 1.1.0.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\ALTools Lunar Zodiac Dog Wallpaper 2005.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Amadis DVD to iPod Converter 3.7.3.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Andromeda Hyper AppleTV Converter 2.83.006.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\AniGif Lite ActiveX Control 2.0.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\ante.al.200%.by.Stanka.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Antivir.Premium.Crack.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Anuko City Photos Screensaver 1.1.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\ASIS Network Sniffer 2.1.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Atomic Asterisk Unhider 1.30.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Automind Regular 1.0.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Autoshare 4.23.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\AveDesk SDK 1.3.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\AVG Anti-Virus plus Firewall 8.0.200a1399.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\AVG.Anti-Virus.PRO.SE.7.1.407.Build.804.+.Firewall.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Avg.Internet.Security.v7.5.432.867+Crack.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\BBCodeXtra 0.2.5.6.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\BetterHandles 1.2.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Bill Gates Eyes 1.0.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\BitDefender.AntiVirus.for.MS.SharePoint.v1.5.WinALL.Incl.Keymaker-CORE.crack.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Bitdefender.Professional.Plus.v8.0.201.WinALL.Incl.Keymaker-CORE.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\BSpy 1.0.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Camera Control Pro 1.0.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\CATCount
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Change Folder Icons 8.5.4.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Coin Collector Professional 7.0.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\CompuCram Appraisal 6 rev 9.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Control Panel Applet Generator 2.00.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\CPU ClockSpeed Plus.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Crack.Kaspersky.Internet.Security.2006.V.6.0.keygen(1).2.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Crack.Panda.Antivirus+Firewall.2007.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Dbrowser 4.0.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Delete Files by Date 9.0.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Diet Calc Free 1.0.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Diving the Deep 1.1.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\DNLcc real-time Currency Exchange 1.0.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Duplicate File Finder .NET 1.0.0.1.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\DVBPortal HDTV Dump Filter 1.1.0.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\FileMove Pro 2.05.04.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\FireCrypt 0.8 Build 219.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Font Fitting Room 2.9.6.8.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Fractal Screen 1.0.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\FTP Shadow 2.1.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Gantt Chart Builder System 5.4.1.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Garden Organizer Deluxe 3.0.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\GHOTI 1.0.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Google Link 1.7.0.1.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\GPX to Google Earth Converter 2.0 Build 020000.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Gsitemap 0.97a.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\HiFi Audio Stream 2.00.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Hip Hop Toolbar IE 4.5.128.0.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\How to Study Ebook 1.0.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Icon Editor 1.7.0.1.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Image 2 Icon Converter 2.2.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Joy MP4 To MP3 Converter 3.2.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Karaoke Sound Recorder 2.02.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Kaspersky.Anti.Virus.v6.0.0.300.with.Key.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\KingConvert For Nokia E51 4.0.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Link Popularity Check 3.0.3.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Lost Widget 2.2.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Mark All Read Button 0.2.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\MB-Timer 1.0.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\MenuMaid 1.0.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Metapolis 0.2.6.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Microsoft SMS Sender 1.0.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Millennia Calendar Lite 1.0.1.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Mini RPN Calc 1.8.1.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Miraplacid Form Lite 2.1.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Miss Claude.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Mitt Romney 7.10.05.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Mxp4Creator 1.r3750.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\MyWeb Browser 2.4.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\NGenerics 1.3 Beta.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Notes2k4 1.11.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\OctaGate Switch 2.2.27.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\One-click Slideshow 1.3.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Orb skins for Alwact Clock 1.0.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Outlook Express Email Address Extractor Pro 1.1.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Panelling Effect 1.1.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\PDF Writer Pro 2.0.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\PFConfig 1.0.216.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\PFind 1.2.5.0.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\PhotoScale! 0.060.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Portable JP RamBooster 2.0.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Prosto Disk Cleaner 2.2.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\PurpleBunny Gadget 1.1.0.0.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Pwd-Gen 1.3.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\PX3's AC3 to WAV Converter 0.0.4.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Reallusion TalkingSlide 1.1.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Registry First Aid 7.0.0.1648.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\RSS Feeds Toolbar 1.2.0.1.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Saab 3 Screensaver.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\SCRIBBLE 1.0.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Server Pulse 1.03.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\ShareNet 1.0.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Sharp Zip Wrapper 1.01.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Snow Wonderland Screensaver 1.1.0.0.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\SoundTrek Drummer 1.0.2.2.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\SQLCE Database Viewer 2.4111.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Starburst 22.4.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Stock Analysis and Selection Software - SASS 1.6.0.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Supreme Invoices Basic 1.0.0.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Taskix 1.5.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Temperature Converter 1.0.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Thaiphoon Viewer 1.0 Build 1130 Final.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\The Onion Peeler 1.0.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Tiff Pdf Cleaner 1.01.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\TikiBar TV 1.0.0.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\TomTom.Mobile.v6.02.S60v3.SymbianOS9.1.Cracked-BiNPDA.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Transpan 5.01.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Turbo Email Answer 2.1.4.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Unite Video Redactor 1.02.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Verbiage 1.51.00.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Web Pic Rip 1.2.2.26.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Windows Media Playback 1.0.0.842.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Wise DVD To IPOD 3GP PSP MP4 Converter 5.0.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\WordHacker Golden Edition 4.1.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\WordSafe 2.0.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\X-Lizard Password Generator 1.5.zip
Deleted ! - C:\Users\Erwan\AppData\Roaming\m\shared\Yellow Pages Czech republic 1.0.zip
Deleted ! - "C:\Users\Erwan\AppData\Roaming\m\shared"
Deleted ! - "C:\Users\Erwan\AppData\Roaming\m"
Deleted ! - "C:\Users\Erwan\AppData\Roaming\drivers\srosa2.sys"
Deleted ! - "C:\Users\Erwan\AppData\Roaming\drivers\wfsintwq.sys"
Deleted ! - "C:\Users\Erwan\AppData\Roaming\drivers\winupgro.exe"
Deleted ! - "C:\Users\Erwan\AppData\Roaming\drivers\downld"
Deleted ! - "C:\Users\Erwan\AppData\Roaming\drivers"
»»»» Supression files in C:\Users\Erwan\AppData\Local\Temp
»»»» Supression files in C:\Users\Erwan\Local Settings\Temporary Internet Files\Content.IE5
Deleted ! - C:\Users\Erwan\Local Settings\Temporary Internet Files\Content.IE5\5DZ4FJJ0\b64[1].jpg
Deleted ! - C:\Users\Erwan\Local Settings\Temporary Internet Files\Content.IE5\5DZ4FJJ0\b64[2].jpg
Deleted ! - C:\Users\Erwan\Local Settings\Temporary Internet Files\Content.IE5\5DZ4FJJ0\b64_1[1].jpg
Deleted ! - C:\Users\Erwan\Local Settings\Temporary Internet Files\Content.IE5\5DZ4FJJ0\b64_3[1].jpg
Deleted ! - C:\Users\Erwan\Local Settings\Temporary Internet Files\Content.IE5\5DZ4FJJ0\b64_5[1].jpg
Deleted ! - C:\Users\Erwan\Local Settings\Temporary Internet Files\Content.IE5\C84M4VE1\b64[1].jpg
Deleted ! - C:\Users\Erwan\Local Settings\Temporary Internet Files\Content.IE5\C84M4VE1\b64_1[1].jpg
Deleted ! - C:\Users\Erwan\Local Settings\Temporary Internet Files\Content.IE5\C84M4VE1\b64_2[1].jpg
Deleted ! - C:\Users\Erwan\Local Settings\Temporary Internet Files\Content.IE5\C84M4VE1\b64_3[1].jpg
Deleted ! - C:\Users\Erwan\Local Settings\Temporary Internet Files\Content.IE5\C84M4VE1\file[1].txt
Deleted ! - C:\Users\Erwan\Local Settings\Temporary Internet Files\Content.IE5\C84M4VE1\file[2].txt
Deleted ! - C:\Users\Erwan\Local Settings\Temporary Internet Files\Content.IE5\C84M4VE1\file[3].txt
Deleted ! - C:\Users\Erwan\Local Settings\Temporary Internet Files\Content.IE5\WCKJRLZG\b64[1].jpg
Deleted ! - C:\Users\Erwan\Local Settings\Temporary Internet Files\Content.IE5\WCKJRLZG\b64_2[1].jpg
Deleted ! - C:\Users\Erwan\Local Settings\Temporary Internet Files\Content.IE5\WCKJRLZG\mxd[1].jpg
Deleted ! - C:\Users\Erwan\Local Settings\Temporary Internet Files\Content.IE5\XWCZ20AI\b64_1[1].jpg
Deleted ! - C:\Users\Erwan\Local Settings\Temporary Internet Files\Content.IE5\XWCZ20AI\b64_1[2].jpg
Deleted ! - C:\Users\Erwan\Local Settings\Temporary Internet Files\Content.IE5\XWCZ20AI\b64_1[3].jpg
Deleted ! - C:\Users\Erwan\Local Settings\Temporary Internet Files\Content.IE5\XWCZ20AI\b64_1[4].jpg
Deleted ! - C:\Users\Erwan\Local Settings\Temporary Internet Files\Content.IE5\XWCZ20AI\file[1].txt
--------------- [ Registry / Infected keys ] ----------------
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_CURRENT_USER\Software\bisoft
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_CURRENT_USER\Software\MuleAppData
Deleted ! - HKEY_CURRENT_USER\Software\FFC
Deleted ! - HKEY_USERS\S-1-5-21-3659748291-2570457840-1553638760-1000\Software\Local AppWizard-Generated Applications\msnmsgr
Deleted ! - HKEY_USERS\S-1-5-21-3659748291-2570457840-1553638760-1000\Software\Local AppWizard-Generated Applications\patch
Deleted ! - HKEY_USERS\S-1-5-21-3659748291-2570457840-1553638760-1000\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_USERS\S-1-5-21-3659748291-2570457840-1553638760-1000\Software\FFC
Deleted ! - HKEY_USERS\S-1-5-21-3659748291-2570457840-1553638760-1000\Software\MuleAppData
--------------- [ States / Restarting of services ] ----------------
+- Services : [ Auto=2 / Request=3 / Disable=4 ]
Ndisuio - Type of startup = 3
EapHost - Type of startup = 2
Wlansvc - Type of startup = 2
SharedAccess - Type of startup = 2
wuauserv - Type of startup = 2
wscsvc - Type of startup = 2
WinDefend - Type of startup = 2
-> UAC is Enable
--------------- [ Cleaning removable drives ] ----------------
+- Informations :
C: - Lecteur fixe
D: - Lecteur fixe
E: - Lecteur de CD-ROM
+- deleting files :
Not deleted !! - E:\autorun.inf
--------------- [ Registry / Mountpoint2 ] ----------------
-> Not found !
--------------- [ Searching Other Infections ] ----------------
Références de comparaison Bagle MD5 :
113ac36b77630a2f67dd6cb7844406a4 C:\Windows\system32\mdelk.exe
113ac36b77630a2f67dd6cb7844406a4 C:\Windows\system32\wintems.exe
895c7dd60d43bc828d2355a956d9db27 C:\Users\Erwan\AppData\Roaming\drivers\winupgro.exe
895c7dd60d43bc828d2355a956d9db27 C:\Muestras\WINUPGRO.EXE.Muestra EliBagle v12.11b
Suspect ! - 895c7dd60d43bc828d2355a956d9db27 C:\Program Files\Electronic Arts\EADM\Core.exe -silent
Suspect ! - 895c7dd60d43bc828d2355a956d9db27 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
--------------- [ Searching Cracks / Keygen ] ----------------
---------------- ! End of report ! ------------------
crapoulou
Posts
28160
Registration date
Wednesday 28 November 2007
Status
Moderator, Security contributor
Last activity
21 May 2024
7 998
18 Jan. 2009 at 22:28
Please delete these files (without opening them!!!)
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
***********
- Download HijackThis Version 2.02:
= = = = >>> By clicking here <<< = = = =
- Save HJTInstall.exe to your desktop.
- Double-click (left button) HJTInstall.exe to start the installation.
- Click Install, then "I Accept".
- Click "Do a scan system and save log file".
- Notepad will open; copy and paste its entire contents here in your next reply.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:32:05, on 18/01/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\explorer.exe
C:\Users\Erwan\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Users\Erwan\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [recinfo123] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Outil de notification Live Search.lnk = C:\Users\Erwan\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
crapoulou (Moderator, Security contributor), 18 Jan 2009 at 22:45
Delete them from the Recycle Bin as well.
************
Scan this file:
c:\RecInfo\RecInfo.exe
On the VirusTotal site:
https://www.virustotal.com/gui/
Browse > Select your file > Analyze, and wait for the scan to finish.
Post the report.
crapoulou (Moderator, Security contributor), 18 Jan 2009 at 22:53
"2008.07.22 20:25:22"
Have it analyzed again now!
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.73 2009.01.18 -
AhnLab-V3 2009.1.15.0 2009.01.17 -
AntiVir 7.9.0.57 2009.01.18 -
Authentium 5.1.0.4 2009.01.18 -
Avast 4.8.1281.0 2009.01.16 -
AVG 8.0.0.229 2009.01.18 -
BitDefender 7.2 2009.01.18 -
CAT-QuickHeal 10.00 2009.01.17 -
ClamAV 0.94.1 2009.01.18 -
Comodo 935 2009.01.18 -
DrWeb 4.44.0.09170 2009.01.18 -
eSafe 7.0.17.0 2009.01.18 -
eTrust-Vet 31.6.6312 2009.01.17 -
F-Prot 4.4.4.56 2009.01.18 -
F-Secure 8.0.14470.0 2009.01.18 -
Fortinet 3.117.0.0 2009.01.15 -
GData 19 2009.01.18 -
Ikarus T3.1.1.45.0 2009.01.18 -
K7AntiVirus 7.10.594 2009.01.17 -
Kaspersky 7.0.0.125 2009.01.18 -
McAfee 5499 2009.01.18 -
McAfee+Artemis 5499 2009.01.18 -
Microsoft 1.4205 2009.01.18 -
NOD32 3775 2009.01.18 -
Norman 5.93.01 2009.01.16 -
nProtect 2009.1.8.0 2009.01.16 -
Panda 9.5.1.2 2009.01.18 -
Prevx1 V2 2009.01.18 -
Rising 21.12.62.00 2009.01.18 -
SecureWeb-Gateway 6.7.6 2009.01.18 -
Sophos 4.37.0 2009.01.18 -
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.01.18 -
TheHacker 6.3.1.5.223 2009.01.18 -
TrendMicro 8.700.0.1004 2009.01.16 -
VBA32 3.12.8.10 2009.01.18 -
ViRobot 2009.1.17.1563 2009.01.17 -
VirusBuster 4.5.11.0 2009.01.18 -
Information additionnelle
File size: 2764800 bytes
MD5...: 8e382b0c5f16daf17b3c1cf5205846d1
SHA1..: 9bbcfe2ca30ec4683d3cbb389fb7ffb6d77eede5
SHA256: 916ef2f99050841fb5aa2662ae0451255eba0429122e4984cbe9d53b15f9e725
SHA512: 8a3e0441ecb9096921fea7b1f85035119fbc8c38b330fea861f976fab4e7319c
e892a4c6f6d48c7f551d07768e734f5c986692999454cf27a06eae8a3f13b060
ssdeep: 768:iB+aCpZ4rt78B/rjAgrTBqPEBPjFJDD2krCbht9t7Mdpub3vcM6gwh4gQLu:
8lrt78BTjAgJBPZR2B3v7Mdpub8D46
PEiD..: -
TrID..: File type identification
Generic CIL Executable (.NET, Mono, etc.) (79.2%)
Windows Screen Saver (14.1%)
Win16/32 Executable Delphi generic (2.2%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x6a0eee
timedatestamp.....: 0x471dee89 (Tue Oct 23 12:52:25 2007)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x2000 0x29eef4 0x29f000 0.87 8e0bce18abf50795e29b50a822ab8b1a
.sdata 0x2a2000 0xa6 0x1000 0.41 69bb16bae47cfa7016e13383b6a52f2a
.rsrc 0x2a4000 0x7f0 0x1000 1.62 4d6c785c8b5c126ed200222995afcc2d
.reloc 0x2a6000 0xc 0x1000 0.01 5549acc2afdb623692fcff1aa701b9eb
( 1 imports )
> mscoree.dll: _CorExeMain
( 0 exports )
CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=8e382b0c5f16daf17b3c1cf5205846d1
crapoulou (Moderator, Security contributor), 18 Jan 2009 at 23:01
OK.
Download Malwarebytes' Anti-Malware
= = = = >>> By clicking here <<< = = = =
- On the page, click Download Malwarebytes' Anti-Malware
- Save it to the desktop
- Double-click the downloaded file to start the installation
- When prompted, update Malwarebytes' Anti-Malware
- If the firewall asks for permission for Malwarebytes to connect, accept
- Once the update has finished, close Malwarebytes
- Double-click the Malwarebytes icon to start it again
- In the Search tab, which is probably open by default,
- Select Run a full scan
- Click Search
- The scan starts
- At the end of the scan, a message is displayed: The scan completed normally. Click 'Show results' to display all the objects found.
- Click OK to continue.
- If malware was detected, click Show results
- Select everything (or leave the boxes checked) and click Remove selection. Malwarebytes will destroy the files and registry keys and put a copy in quarantine.
- Malwarebytes will open Notepad and copy the scan report into it.
- Go to the report/log tab
- Click the report to display it; once it is displayed
- Click Edit at the top of Notepad, then Select All
- Click Edit again, then Copy, and come back to the forum and into your reply
- Right-click in the reply box and choose Paste
If you need help, see this tutorial HERE
Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1666
Windows 6.0.6000
19/01/2009 00:19:34
mbam-log-2009-01-19 (00-19-34).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 140389
Temps écoulé: 1 hour(s), 13 minute(s), 18 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\a (Trojan.Agent) -> Delete on reboot.
C:\Program Files\EoRezo (Rogue.Eorezo) -> Delete on reboot.
crapoulou (Moderator, Security contributor), 19 Jan 2009 at 00:24
Download Ad-Remover (by Cyrildu17 / C_XX) to your desktop:
= = = =>>> By clicking here <<<= = = =
/!\ Disconnect and close all running applications, and disable your antivirus for the duration of the procedure /!\
● Double-click the installer and install it in its default location (C:\Program files)
● Right-click the Ad-remover icon on your desktop, then "Run as administrator"
● At the main menu, choose option "A"
● Post the report that appears at the end.
(the report is also saved as C:\Ad-report(date).log)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
Note:
"Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes
Sorry for not letting you know I was leaving, but I had to go urgently.
------- LOGFILE OF AD-REMOVER 1.0.9.3 | ONLY XP/VISTA -------
Updated by C_XX on 17/01/2009 at 12:00
Start at: 16:57:19 | Mon 19/01/2009 | Microsoft® Windows Vista™ Home Premium (V6.0.6000)
Boot mode: Normal
Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Pc: PC-DE-ERWAN | User: Erwan ( Current user is an administrator)
Drive(s):
- C:\ (File System: NTFS)
- D:\ (File System: NTFS)
- E:\ (File System: CDFS)
System Drive: C:\
Windows Directory: C:\Windows\
System Directory: C:\Windows\System32\
--- Running Processes: 64
+--------------------| Boonty/Boonty Games Elements Found :
.
.
+--------------------| Eorezo Elements Found :
Process: "EOENGINE.EXE" [PID:~2276]
.
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\SOFTWARE\EoRezo
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\SOFTWARE\EoRezo
HKLM\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eoEngine_is1
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\EOENGINE
.
C:\Program Files\EoRezo
C:\Program Files\EoRezo\ConfMedia.cyp
C:\Program Files\EoRezo\EoAdv
C:\Program Files\EoRezo\EoEngine.exe
C:\Program Files\EoRezo\eoEngine.url
C:\Program Files\EoRezo\EoMultiLanguage.dll
C:\Program Files\EoRezo\EoRezoComm.dll
C:\Program Files\EoRezo\EoRezoImg_17.dll
C:\Program Files\EoRezo\EoRezoImg_19.dll
C:\Program Files\EoRezo\EoRezoImg_20.dll
C:\Program Files\EoRezo\EoRezoImg_21.dll
C:\Program Files\EoRezo\EoRezoImg_22.dll
C:\Program Files\EoRezo\EoRezoImg_23.dll
C:\Program Files\EoRezo\EoRezoTools_16.dll
C:\Program Files\EoRezo\EoRezoTools_17.dll
C:\Program Files\EoRezo\EoRezoTools_18.dll
C:\Program Files\EoRezo\EoRezoTools_20.dll
C:\Program Files\EoRezo\EoRezoTools_21.dll
C:\Program Files\EoRezo\EoRezoTools_26.dll
C:\Program Files\EoRezo\EoRezoTools_27.dll
C:\Program Files\EoRezo\FreeImage.dll
C:\Program Files\EoRezo\Host.cyp
C:\Program Files\EoRezo\lang
C:\Program Files\EoRezo\MngInstaller.dll
C:\Program Files\EoRezo\unins000.dat
C:\Program Files\EoRezo\unins000.exe
C:\Program Files\EoRezo\user.cyp
C:\Program Files\EoRezo\EoAdv\EoAdv.dll
C:\Program Files\EoRezo\EoAdv\eoAdv.url
C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
C:\Program Files\EoRezo\EoAdv\tmp
C:\Program Files\EoRezo\EoAdv\tmp\eoRezoBho.dll.779
C:\Program Files\EoRezo\lang\ihm_eoclock.xml
C:\Program Files\EoRezo\lang\ihm_eoengine.xml
C:\Program Files\EoRezo\lang\ihm_eonet.xml
C:\Program Files\EoRezo\lang\ihm_eorezotools.xml
C:\Program Files\EoRezo\lang\ihm_eosudoku.xml
C:\Program Files\EoRezo\lang\ihm_eoweather.xml
C:\Program Files\EoRezo\lang\lang_en.xml
C:\Program Files\EoRezo\lang\lang_es.xml
C:\Program Files\EoRezo\lang\lang_fr.xml
C:\Program Files\EoRezo\lang\lang_it.xml
C:\Users\Erwan\AppData\Roaming\EoRezo
C:\Users\Erwan\AppData\Roaming\EoRezo\cmhost.cyp
C:\Users\Erwan\AppData\Roaming\EoRezo\ConfMedia.cyp
C:\Users\Erwan\AppData\Roaming\EoRezo\ConfMedia.cyp.old
C:\Users\Erwan\AppData\Roaming\EoRezo\db
C:\Users\Erwan\AppData\Roaming\EoRezo\eoDesktop
C:\Users\Erwan\AppData\Roaming\EoRezo\eoStats
C:\Users\Erwan\AppData\Roaming\EoRezo\host.cyp
C:\Users\Erwan\AppData\Roaming\EoRezo\user.cyp
C:\Users\Erwan\AppData\Roaming\EoRezo\db\cat.cyp
C:\Users\Erwan\AppData\Roaming\EoRezo\eoDesktop\config.xml
C:\Users\Erwan\AppData\Roaming\EoRezo\eoDesktop\eoDesktop.html
C:\Users\Erwan\AppData\Roaming\EoRezo\eoDesktop\userConfig.xml
C:\Users\Erwan\AppData\Roaming\EoRezo\eoStats\eoStats.txt
C:\Users\Erwan\AppData\Roaming\Microsoft\Windows\Cookies\erwan@eorezo[1].txt
+--------------------| Everest Casino/Everest Poker Elements Found :
.
.
+--------------------| Funwebproducts/Myway/Mywebsearch/Myglobalsearch Elements Found :
.
.
+--------------------| It's TV Elements Found :
.
+--------------------| Sweetim Elements Found :
.
.
+--------------------| Added Scan :
+---------- SCANNING PREFS.JS ... ( # Mozilla user preferences )
..\scycngq3.default\prefs.js :
~~~~ MOZILLA FIREFOX VERSION 3.0.5 ~~~~
* BROWSER SEARCH DEFAULT ENGINE: "Live Search"
* BROWSER SEARCH SELECTED ENGINE: "Live Search"
* BROWSER SEARCH DEFAULT URL: "https://www.bing.com/?scope=web&mkt=fr-FR&FORM=IEFM1"
* BROWSER STARTUP HOMEPAGE: "https://www.msn.com/fr-fr"
.
+---------------------------------------------------------------------------+
~~~~ INTERNET EXPLORER VERSION 7.0.6000.16764 ~~~~
+--[HKEY_CURRENT_USER\..\INTERNET EXPLORER\MAIN]
Start page : hxxp://go.microsoft.com/fwlink/?LinkId=69157
+--[HKEY_LOCAL_MACHINE\..\INTERNET EXPLORER\MAIN]
Start page : hxxp://go.microsoft.com/fwlink/?LinkId=69157
+---------------------------------------------------------------------------+
[~5069 BYTES] - "C:\AD-REPORT-SCAN-19.01.2009.LOG"
End at: 16:58:20 | 19/01/2009 - Time elapsed: 61.5 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 116 Lines ]
crapoulou
19 Jan. 2009 at 18:23
No problem
▶ ! Disconnect and close all running applications !
▶ Run "Ad-remover" again by right-clicking it and choosing Run as administrator. In the main menu, choose option "B".
= = = =>>> As in this image <<<= = = =
▶ Then tick:
Eorezo
To 'tick', type each corresponding number, then press Enter to confirm.
▶ Then type S
▶ The program will do its work ...
▶ Post the report that appears at the end, plus a new HijackThis report for analysis.
( The report is also saved as C:\Ad-report.log )
/!\ If the Desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New task", type explorer.exe and confirm /!\
Re-enable your antivirus if you had disabled it!
------- LOGFILE OF AD-REMOVER 1.0.9.3 | ONLY XP/VISTA -------
Updated by C_XX on 17/01/2009 at 12:00
*** LIMITED TO ***
Eorezo
******************
Start at: 18:39:31 | Mon 19/01/2009 | Microsoft® Windows Vista™ Home Premium (V6.0.6000)
Boot mode: Normal
Option: CLEAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Pc: PC-DE-ERWAN | User: Erwan ( Current user is an administrator)
Drive(s):
- C:\ (File System: NTFS)
- D:\ (File System: NTFS)
- E:\ (File System: CDFS)
System Drive: C:\
Windows Directory: C:\Windows\
System Directory: C:\Windows\System32\
--- Running Processes: 63
(!) ---- IE start pages reset
+--------------------| Eorezo Elements Deleted :
Process: "EOENGINE.EXE" [PID:~2276]
.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\EOENGINE
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\SOFTWARE\EoRezo
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\SOFTWARE\EoRezo
HKLM\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eoEngine_is1
.
C:\Program Files\EoRezo
C:\Users\Erwan\AppData\Roaming\EoRezo
(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.
+--------------------| Added Scan :
+---------- SCANNING PREFS.JS ... ( # MOZILLA USER PREFERENCES )
..\scycngq3.default\prefs.js :
~~~~ MOZILLA FIREFOX VERSION 3.0.5 ~~~~
* BROWSER SEARCH DEFAULT ENGINE: "Live Search"
* BROWSER SEARCH SELECTED ENGINE: "Live Search"
* BROWSER SEARCH DEFAULT URL: "https://www.bing.com/?scope=web&mkt=fr-FR&FORM=IEFM1"
* BROWSER STARTUP HOMEPAGE: "https://www.msn.com/fr-fr"
.
+---------------------------------------------------------------------------+
~~~~ INTERNET EXPLORER VERSION 7.0.6000.16764 ~~~~
+--[HKEY_CURRENT_USER\..\INTERNET EXPLORER\MAIN]
Start page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+--[HKEY_LOCAL_MACHINE\..\INTERNET EXPLORER\MAIN]
Start page : hxxp://fr.msn.com/
+---------------------------------------------------------------------------+
[~2388 BYTES] - "C:\AD-REPORT-CLEAN-19.01.2009.LOG"
[~5402 BYTES] - "C:\AD-REPORT-SCAN-19.01.2009.LOG"
End at: 18:40:20 | 19/01/2009 - Time elapsed: 49.1 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 53 Lines ]
+---------------------------------------------------------------------------+
crapoulou
19 Jan. 2009 at 18:47
Post a new HijackThis report.
Delete the Malwarebytes Anti-Malware quarantine.
The quarantine had already been deleted
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:49:49, on 19/01/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Erwan\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Erwan\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [recinfo123] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Outil de notification Live Search.lnk = C:\Users\Erwan\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
crapoulou
19 Jan. 2009 at 19:08
I'm going to give you some work now! lol
Run HijackThis again.
Click "Do a system scan only".
Tick these lines:
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
Then click "Fix checked".
****************************
Follow this procedure to remove all traces of Norton:
= = = =>>> Click here <<<= = = =
Of course, do not do step 3, the reinstallation.
****************************
Update Vista by downloading the SP1 pack
= = = =>>> Click here <<<= = = =
***************************
For information, Avira's Antivir is better than Avast or any other free antivirus.
If you are interested, uninstall yours and install Antivir.
Everything is explained at this link, from download to configuration.
****************************
Update Adobe Acrobat Reader by downloading version 9 = = = =>>> Click here <<<= = = =
****************************
To remove the old versions of Java and download the new one,
download JavaRa.zip by Paul 'Prm753' McLain and Fred de Vries to your Desktop:
= = = =>>> Click here <<<= = = =
* Unzip the file on the Desktop (right-click > Extract all).
* Double-click the JavaRa folder
* Then right-click the JavaRa.exe file (the .exe may not be displayed) and choose "Run as administrator"
* Select your language, then click Select
* Click Check for updates
* Select Update via jucheck.exe, then click Search
* Allow the process to connect if it asks, click Install and follow the installation instructions, which take a few minutes
* The installation is finished
* Go back to the JavaRa screen and click Remove older versions.
* Click Yes to confirm. Let it work, then click OK, and OK a second time.
* A report will open. Post it in your next reply.
* Close the application.
Note: the report is also in C:\ under the name JavaRa.log.
*********************
Pour supprimer toutes les traces des logiciels qui ont servi à traiter les infections spécifiques :
Télécharge toolscleaner sur ton Bureau
= = = =>>> En cliquant ici <<<= = = =
* Clique droit sur ToolsCleaner2.exe, "Exécuter en tant qu'administrateur" et laisse le travailler
* Clique sur Recherche et laisse le scan se terminer.
* Clique sur Suppression pour finaliser.
* Tu peux, si tu le souhaites, te servir des Options facultatives.
* Clique sur Quitter, pour que le rapport puisse se créer.
* Le rapport (TCleaner.txt) se trouve à la racine de votre disque dur (C:\)...colle le dans ta réponse.
***********************
* Télécharge Ccleaner (N’installe pas la barre d’outil Yahoo):
= = = = >>> En cliquant ici <<< = = = =
* L´installer.
* Choisis l’onglet Nettoyeur
Quitte ton navigateur Internet avant de le lancer, décoche la dernière case (Avancé si elle est cochée) puis click sur "lancer le nettoyage" quand il aura terminé le scan cliques en bas à droite sur "lancer le nettoyage" et accepte par oui.
Attention, il risque de vider ta corbeille : si tu veux récupérer des fichiers effacés par erreur, mieux vaut le faire maintenant.
* Choisis l’onglet Registre
- Clic sur Chercher des erreurs
- Une fois la recherche terminée, clic sur Réparer les erreurs sélectionnées (par défaut, tout est sélectionné, laisse comme ça)
- Au message Voulez-vous sauvegarder les changements faits dans le registre, répond oui et enregistre le fichier « .reg » en le nommant par la date par exemple en le mettant sur le bureau. Puis continue.
- A la fenêtre qui s’ouvre ensuite, clic sur Corriger toutes les erreurs sélectionnées puis OK
- Ferme Ccleaner.
* Tutoriel en image ICI si besoin.
Note : La sauvegarde utilisée permet de remettre tel que la base était avant la manipulation au cas où il y aurait des soucis mais cela ne m’est jamais arrivé ! Il vaut mieux prendre des précautions, c’est tout. ;-)
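An added example, not part of the original post: the "O2 - BHO ... (no file)" line above is a Browser Helper Object registration whose CLSID no longer resolves to a DLL. The read-only PowerShell below lists BHO registrations and flags such orphans without deleting anything; it assumes PowerShell 3.0 or later, and the function name Get-BhoStatus is hypothetical.

```powershell
# Added example (not from the thread): read-only listing of BHO registrations.
# Nothing is modified; the output is similar to what HijackThis lists as "O2 - BHO".
# Assumptions: machine-wide registrations only (HKLM); per-user class registrations
# and System32/SysWOW64 path redirection for 32-bit DLLs are not handled.

function Get-BhoStatus {
    [CmdletBinding()]
    param()

    # Native registry view first, then the 32-bit view that exists only on 64-bit Windows.
    $views = @(
        @{ Bho   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
           Clsid = 'HKLM:\SOFTWARE\Classes\CLSID' },
        @{ Bho   = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
           Clsid = 'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID' }
    )

    foreach ($view in $views) {
        if (-not (Test-Path -LiteralPath $view.Bho)) { continue }

        foreach ($entry in Get-ChildItem -LiteralPath $view.Bho) {
            $clsid     = $entry.PSChildName
            $classKey  = "$($view.Clsid)\$clsid"
            $serverKey = "$classKey\InprocServer32"

            $name = $null
            $dll  = $null
            if (Test-Path -LiteralPath $classKey) {
                # Default value of the CLSID key is the display name, if any.
                $name = (Get-Item -LiteralPath $classKey).GetValue('')
            }
            if (Test-Path -LiteralPath $serverKey) {
                # GetValue('') reads the key's default value and expands %VARS%.
                $dll = (Get-Item -LiteralPath $serverKey).GetValue('')
            }
            if ($dll) { $dll = ([string]$dll).Trim('"') }

            # An entry is an orphan when no DLL is registered or the DLL is not on disk.
            $onDisk = [bool]($dll -and (Test-Path -LiteralPath $dll -PathType Leaf))

            [pscustomobject]@{
                Clsid  = $clsid
                Name   = if ($name) { $name } else { '(no name)' }
                File   = if ($dll)  { $dll }  else { '(no file)' }
                Orphan = -not $onDisk
            }
        }
    }
}

# Orphans first, so leftover registrations are easy to spot.
Get-BhoStatus | Sort-Object Orphan -Descending | Format-Table -AutoSize
```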
crapoulou
Posts
28160
Registration date
Wednesday 28 November 2007
Status
Moderator, Security contributor
Last activity
21 May 2024
7 998
19 Jan 2009 at 19:45
This is not caused by an infection, so create a new post in the appropriate forum.
Post the requested reports anyway.
Here is the JavaRa report
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_06\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_06\bin\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_06.b02\
------------------------------------
Finished reporting.
crapoulou
19 Jan. 2009 at 21:40
Very good, move on to the next step :D
crapoulou
19 Jan. 2009 at 21:45
Close it and run it again without touching the PC.
Be patient (about 10 minutes at most).
[ Rapport ToolsCleaner version 2.3.0 (par A.Rothstein & dj QUIOU) ]
-->- Recherche:
C:\FindyKill.txt: trouvé !
C:\Qoobox: trouvé !
C:\Program Files\FindyKill: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\FindyKill: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FindyKill: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\FindyKill: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\FindyKill: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Users\Erwan\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes\FindyKill: trouvé !
C:\Users\Erwan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FindyKill: trouvé !
C:\Users\Erwan\Desktop\HijackThis.lnk: trouvé !
C:\Users\Erwan\Desktop\HJTInstall.exe: trouvé !
---------------------------------
-->- Suppression:
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: supprimé !
C:\Users\Erwan\Desktop\HijackThis.lnk: supprimé !
C:\Users\Erwan\Desktop\HJTInstall.exe: supprimé !
C:\FindyKill.txt: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Qoobox: supprimé !
C:\Program Files\FindyKill: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: ERREUR DE SUPPRESSION !!
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\FindyKill: ERREUR DE SUPPRESSION !!
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FindyKill: supprimé !
C:\Users\Erwan\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes\FindyKill: ERREUR DE SUPPRESSION !!
C:\Users\Erwan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FindyKill: supprimé !
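The triage done by hand on the ToolsCleaner report above (which entries were found, which were deleted, which failed) can be scripted. This is an added example, not part of the thread or of ToolsCleaner: the function name `triage` is hypothetical, the sample report is constructed in the layout shown above, and the status strings are the ones that appear in that report.

```python
import re

# Constructed sample in the ToolsCleaner 2.3.0 layout shown above (abridged).
SAMPLE_REPORT = r"""
[ Rapport ToolsCleaner version 2.3.0 (par A.Rothstein & dj QUIOU) ]
-->- Recherche:
C:\FindyKill.txt: trouvé !
C:\Program Files\FindyKill: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\FindyKill: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FindyKill: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\FindyKill: trouvé !
---------------------------------
-->- Suppression:
C:\FindyKill.txt: supprimé !
C:\Program Files\FindyKill: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\FindyKill: ERREUR DE SUPPRESSION !!
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FindyKill: supprimé !
"""

# "<path>: <status> !" -- the path contains a drive colon, so match lazily
# up to the ": " that is followed by one of the known status strings.
LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?): "
    r"(?P<status>trouvé|supprimé|ERREUR DE SUPPRESSION) !+$"
)

def triage(report: str) -> dict:
    """Group report paths as deleted, failed, or found but never attempted."""
    found, deleted, failed = [], [], []
    buckets = {"trouvé": found, "supprimé": deleted,
               "ERREUR DE SUPPRESSION": failed}
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # header, section marker, separator or blank line
        bucket = buckets[m["status"]]
        if m["path"] not in bucket:  # tolerate a report pasted twice
            bucket.append(m["path"])
    attempted = set(deleted) | set(failed)
    return {
        "deleted": deleted,
        "failed": failed,
        "not_attempted": [p for p in found if p not in attempted],
    }

if __name__ == "__main__":
    for group, paths in triage(SAMPLE_REPORT).items():
        print(f"{group}:")
        for p in paths:
            print(f"  {p}")
```

Run over the full report above, the `failed` group holds the three `Programmes` entries marked ERREUR DE SUPPRESSION, and `not_attempted` holds the five `C:\Users\All Users\...` entries that appear under Recherche but not under Suppression.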
crapoulou
19 Jan. 2009 at 21:59
Delete
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\FindyKill
if present.
I hope you have installed all the updates (SP1, Adobe Acrobat Reader).
Delete the javara folder and toolscleaner.
*************
/!\ Very important /!\
Disable and re-enable your System Restore.
Start, right-click on My Computer, Properties, System Restore tab, Turn off System Restore, then Apply and OK, OK.
(Don't forget the reverse operation to turn it back on.)
************
How is the PC doing??
Any other particular problems???
crapoulou
19 Jan. 2009 at 22:22
I forgot this:
Install a firewall, because the Windows one is not sufficient.
ZoneAlarm:
= = = = >>> By clicking here <<< = = = =
A tutorial for configuring it
= = = = >>> By clicking here <<< = = = =
If that one doesn't suit you, pick another one such as Online Armor ;-)
All the best.
Crapoulou.
18 Jan. 2009 at 21:39